App.No. 10/779,382 

Amendment Dated: April 30, 2008 

Reply to Office Action of October 3 1 , 2007 

Amendments to the Claims; 

1 (currently amended): A method for signing jframe transmissions from a broadcast 
server to a client device, comprising: 

obtaining a data block that is scheduled for transmission in a next frame; wherein the next 
frame includes segment groups: wherein each segment group includes a number (n) of data 
block s: wherein each of the data block includes a plurality of packets : 

selecting a secret key (S„) that is associated with the chent device for a predetermined 
number of the data blocks in the frame; 

generating a count that is associated with a time; 

computing a set of hash keys using the secret key (S„) and the count; 

selecting a hash key (S,) that is associated with the data block, wherein the selected hash 
key corresponds to one of the set of hash keys; 

computing a keyed-hash message authentication code (HMAC) value for the next frame 
using the selected hash key (S,); 

periodically signing and transmitting a datum containing the hash key of an earlier or 
initial frame with a digital signature key (K5) ; and 

assembling the next frame such that the data block and the HMAC value appear before 
the hash key in the frame fransmission. 

2 (original): The method of claim 1 wherein the datum corresponds to at least one of 
{n, So)}Ks and (n, b, Sb) where b corresponds to a preceding frame number from a previous 
frame transmission. 

3 (original): The method of claim 1, fiirther comprising: selecting the count such that 
the count is associated with an index of the data block. 

4 (original): The method of claim 1 , further comprising: selecting the count such that 
the count corresponds to a time stamp associated with an internal clock in the broadcast server. 
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5 (original): The method of claim 1, wherein computing the set of hash keys 
corresponds to applying a one-way hashing function to the secret key (S„) for n iterations such 
thatS, = HASH(S/+i). 

6 (original): The method of claim 1, wherein computing the HMAC value corresponds 
to a hashed message authentication code, wherein a value (H,) associated with the hashed 
message authentication code is given as Hi = HMAC(Ff, S,), where F, corresponds to the data 
being signed, S/ the key for signing, and i the sequence number associated with the data and key. 

7 (original): The method of claim 1, further comprising: selecting a new secret key as 
the secret key (S„) when the previous secret key has been appUed to n data blocks in the next 
frame. 

8 (previously presented) : The method of claim 1 , wherein periodically signing the 
datum comprises signing the datum every frame. 

9 (original): The method of claim 1, further comprising: incrementing the count before 
retrieving a data block that is scheduled for fransmission in the next frame. 

1 0 (previously presented): The method of claim 9, wherein incrementing the count 
corresponds to at least one of: incrementing a time stamp in the broadcast server, incrementing 
the frame number associated with the next frame that is scheduled for transmission, and 
incrementing the block number associated with the next data block in the next frame that is 
scheduled for transmission. 

1 1 (currently amended): A method for authenticating frame fransmissions from a 
server to a client device, comprising: 

retrieving an Rivest Shamir Adleman (RS A) signed datum from a frame; wherein the 
frame includes segment groups: wherein each segment group includes data blocks; wherein each 
of the data blocks include packets: 
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verifying an RSA signature associated with the RSA signed datum from the frame; 
storing a hash key (So) that is associated with the frame when the RSA signature is 
verified; 

retrieving another hash key (S,) and an keyed-hash message authentication code (HMAC) 
value from the frame; 

verifying the other hash key (S,) that is obtained from a previous frame; 
verifying the HMAC value with the other hash key (S/); 

computing a hash kev using a count and a secret key (Sn) that is known by both the server 
and the client device, wherein the count corresponds to a time stamp: 

discarding the frame when at least one of the other hash key (Si) and the HMAC value 
fail verification; and 

accepting the frame when the other hash key (S,) and the HMAC value are successftilly 
verified. 

1 2 (currently amended): The method of claim 1 1 , furth e r comprising evaluating a 
count associat e d with th e client d e vic e , computing a hash k e y using the count and a s e cret k e y 
(S«) that is Icnown by both th e s e rv e r and th e client d e vic e , wherein the count corresponds to at 
l e ast on e of: a time stamp in th e ch e nt d e vic e , identifying identifies the frame number associated 
with the frame, and identifying identifies t he block number that is associated with the frame. 

1 3 (original): The method of claim 1 1 , wherein verifying the other hash key (S,) 
comprises: retrieving a previously stored hash key, retrievmg a count in the client device, 
computing an expected hash key from the previously stored hash key and the count, and 
comparing the expected hash key to the other hash key (Si). 

14 (currently amended): The method of claim 13, wherein the count corresponds to 
at least one of: a time st^ stamp in the chent device, identifying the frame number associated 
with the fi^e, and identifying the block number that is associated with the frame. 
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1 5 (original) : The method of claim 1 1 , wherein verifying the HMAC value with the 
other hash key (S,) comprises: computing a value (Hi) that is associated with a hashed message 
authentication code as given by Hi = HMAC(Fi, Si), where F, corresponds to the data being 
signed, S, the key for signing, and i the sequence number associated with the data and key, and 
comparing the computed value with the retrieved HMAC value from the frame. 

16 (original): The method of claim 1 1, ftirther comprising: storing a verified hash key 
(S/) for verification of fiirther transmission frames after the hash key is accepted. 

1 7 (currently amended): A broadcast communication system for communicating 
frame transmissions from a server to a cUent device, comprising: 

a scheduler that is arranged to provide data blocks to the server for transmission in a next 
frame: wherein each of the data block includes a plurality of packets: 
a counter that is arranged to provide a count in the server; 

a hashing fimction in the server that is arranged to compute hash keys for the next frame 
using the count and a secret key; 

an HMAC function in the server that is arranged to provide an HMAC value in response 
to hash keys associated with the next frame; 

a broadcast processor in the server that is arranged to receive the hash keys, HMAC 
values, and the data blocks, and organize the next frame for fransmissioii 

such that the data block and the HMAC value appear before the hash key in the friune 
transmission. 

18 (original): The broadcast communication system of claim 17, ftirther comprising: 
a broadcast receiver in the cUent device that is arranged to receive a transmitted frame, 

wherein the transmitted frame starts with another HMAC value, continues with another signed 
datum {«, So)}Ks followed by another data block, and ends with another hash key S,; 

a counter in the client device that is arranged to provide another count; 

a hashing ftmction in the client device that is arranged to compute additional hash keys 
for the frame transmission using the other count, the secret key, and previously stored hash keys; 
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a verification function block in the client device that is arranged to verify the other hash 
key (Si) with the additional hash keys and verify the HMAC value with the other hash key (S,) 
and previous hash keys; 

a means for discarding the frame in the cUent device when at least one of the other hash 
key (S,) and the HMAC value fail verification; and 

a means for accepting the frame in the cUent device when the other hash key (S,) and the 
HMAC value are successfiilly verified. 

19 (original): The broadcast conraiunication system of claim 18, ftirther comprising: a 
means for recording the other hash key (S;) when the frame is accepted, wherein the other hash 
key (S,) is utilized for verification of subsequently received transmission frames. 

20 (currently amended): A system for authenticating frame transmissions in a cUent 
device, comprising: 

a broadcast receiver that is arranged to receive a fransmitted frame, wherein the 
fransmitted frame includes segment groups; wherein each segment group includes data blocks: 
wherein each of the data blocks include packets; wherein the transmitted frame includes an 
HMAC value and a data block, and ends with a hash key S,; 

a counter that is arranged to provide a count that has a time dependence; 

a hashing ftinction that is arranged to compute hash keys for the fransmitted frame using 
the count and a secret key; 

a verification fimction block that is arranged to verify the hash key (S,) with the 
computed hash keys, and also arranged to verify the HMAC value with the hash key (S,) and the 
previously stored hash keys; 

a means for discarding the frame when at least one of the hash key (S,) and the HMAC 
value fail verification; 

a means for accepting the frame when the hash key (S,) and the HMAC value are 
successfiilly verified; and 

a means for storing the hash key as a previously stored hash key when the frame is 

accepted such that subsequent frames utilize the stored hash key for verification. 
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